great-tech-reset-ibm LinkedIn Email Facebook Twitter WhatsApp The post 行業研究報告: 偉大的技術重置 (IBM) appeared first on VeriMedia. source

Jitender Durairajan, Head Cloud Engineering & Solutions at Sify Technologies, believes it is imperative for businesses to carefully consider who they partner with in their digital transformation journey. He points to IDC’s research on hybrid and multicloud management as a case in point. “IDC’s research found that organizations ‘need to work with professional cloud service providers that offer end-to-end capabilities of assessment, cloud migration, security, and managed services, and that can create integration and unified management tools for hybrid/multicloud, as well as provide cloud-adjacent data centers, latency-sensitive network, and cloud management services,’. This finding is particularly relevant to Sify because it describes the breadth of offerings and the extent of the capabilities and support, they provide to more than 10,000 businesses across India today. Sify believes strongly not only in providing enterprises with best-in-class enterprise multi-tenant cloud, private, public, and hybrid cloud offerings but also everything needed to realize the optimal, most secure cloud journey – one that enables them to realize their larger transformation goals. At the heart of Sify’s cloud portfolio is CloudInfinit, a high-performance, robust, and flexible cloud infrastructure based on proven VMware by Broadcom technologies that enable enterprises to monitor and manage their entire cloud estate with ease. Sify offers customers with a dedicated fully hosted private cloud , with an option of managed public hyperscale cloud – including AWS, Google Cloud, Microsoft Azure, and OCI and everything required to combine both effectively for a truly hybrid approach. “Our long relationship with VMware reflects our shared belief in providing a comprehensive platform that delivers the full array of hybrid cloud capabilities while integrating compute, storage, networking, and security,” he adds. “With VMware at its core, our customers not only retain the VMware solutions they know and trust but also tap into the state-of-the-art developments coming out of Broadcom’s significant investments in innovation, research, and development efforts, we are happy to be directly involved in as a Broadcom Pinnacle Partner.” Private and hybrid cloud future Jitender notes that organizations in highly regulated industries like banking, financial services, government, healthcare, and insurance are increasingly adopting private cloud to ensure that they meet or exceed the most stringent data security, data sovereignty, and compliance requirements. He also points out that private cloud adoption is rightfully increasing in environments where latency and high performance are crucial factors, such as in financial trading platforms, and within sectors like manufacturing and logistics where the deep customization of IT infrastructure is often required to address unique application needs. “We have seen enterprises that originally pushed for a public cloud-first approach but realized that a more nuanced and application-specific focus is actually ideal,” he adds. “The full potential and value of an effective hybrid cloud strategy builds on that premise while delivering the numerous benefits a multi-cloud strategy enables.” Jitender notes that those include far more effective and robust disaster recovery and business continuity capabilities, greater flexibility and scalability, the ability to avoid vendor lock-in, and the ability to match the right workload to the right cloud. Notably, Sify’s hybrid cloud offerings provide all of these and more. “The enterprises that rely on CloudInfinit, from industry stalwarts in banking, government, healthcare, insurance, manufacturing, media, and retail to savvy startups, use it to match the right workloads with the right cloud based on performance, cost, and security needs,” says Jitender. “And our wider portfolio and extensive offerings further optimize the systems involved. In this way, the organizations we partner with know they will receive the full expertise, solutions, and support they need to migrate to the cloud, manage the cloud, and optimize the cloud.” AI Advancements Jitender says, “Looking at the future of AI, we have invested in our cloud infrastructure – CloudInfinit⁺ᴬᴵ capable to deliver high-performance GPU-as-a-Service, optimized for demanding AI workloads supporting deep learning, machine learning, model training, and high-performance analytics with unmatched scalability.” Delivering end-to-end capabilities Notably, Sify’s platform and full cloud portfolio – from assessment, advisory, migration services to multi-cloud environment and management – is enhanced by equally impressive offerings that encompass everything from cloud, network infrastructure, data centers and security solutions. These include 14, high-performance, data centers – each equipped with advanced AI/ML capabilities to deliver 100% uptime and ten layers of security for added resiliency. “Our holistic approach at Sify ensures that our customers have a trusted partner who will support them through their entire digital transformation journey,” says Jitender “That means providing the peace of mind to our customers that their needs will be addressed entirely and at all points in the future.” For more information on Sify Technologies visit here. Look to CIO.com for stories about the industry-leading providers in the Broadcom Advantage Program and insights on how they are helping enterprises succeed in their private, hybrid, and multi-cloud endeavors. source

道指收盤上漲308.51點，漲幅為0.69%，報45014.04點;納指漲254.21點，漲幅為1.30%，報19735.12點;標普500指數漲36.61點，漲幅為0.61%，報6086.49點。 美股周三收高，道指史上首次收在45000點之上。三大股指均創新高。 鮑威爾稱美聯儲在進一步降息方面可能會更加謹慎。 美國11月ADP就業人數增加14.6萬低於預期。 共和黨控制美眾院多數席位，從而同時掌控了國會參衆兩院。 日本或放寬中國公民簽證要求。 廣州市發佈加快推動氫能產業高質量發展的若干措施，推出18條措施支持氫能產業發展，其中包括，加大財政資金支持、提升氫氣供應能力、支持加氫站建設、支持加氫站運營、支持車輛示範運營、實施交通綠色替代等。 券商試點跨境理財通正式展業 招商證券、中金財富、廣發證券等多家券商落地首單業務。 美圖公司(1357)已售出所持全部加密貨幣 獲利約7963萬美元。 新華保險資產管理有限公司於2024年12月3日增持買入8,000,000股股份，每股價格7.0674港元，本次權益變動后持有股份為195,000,000股，佔公司H股股份比例增至5.7192%。同日，新華保險發佈關於舉牌海通證券H股公告稱，公司於2024年11月28日通過二級市場集中競價交易方式增持海通證券H股股份至5.02%。此次為險資五年來首度舉牌券商股，新華保險在11月28日增持海通證券H股達到舉牌線后仍繼續買入。 LinkedIn Email Facebook Twitter WhatsApp source

Banks are looking to modernize their technology platforms and operations. Choosing the right core banking system is a crucial decision that affects customer experience, product offerings, strategic business models, and operational efficiency. The capabilities offered by digital banking processing platforms (DBPPs) have advanced rapidly and gained traction with banks that recognize their role in enabling digital transformation, reducing operational costs, and meeting the demands of consumers, businesses, and regulators. Driving The Digital Transformation Of The Bank The Forrester Wave™: Digital Banking Processing Platforms, Q4 2024, evaluates the top DBPPs driving digital transformation in banking. Successful digital transformation involves more than just impressive front-end applications. It requires overhauling a complex web of technology infrastructure and tightly coupled systems. These DBPPs, built on modern banking architectures, help financial institutions streamline their systems and compete effectively in a digital-first, open, decentralized, and AI-driven banking environment. This report provides an in-depth evaluation of the following top providers: 10x Banking Platform Finastra Essence FIS Modern Banking Platform Fiserv Finxact Infosys Finacle Intellect Design Arena IDC Mambu Core Banking Oracle Banking Suite SBS Banking Platform (formerly Sopra Banking Software) TCS BaNCS Temenos Core Banking Thought Machine Vault Core Consumer, SMB, Corporate Banking, And More — On One Platform Previously, we evaluated vendors separately for retail (consumer) and corporate banking platforms. Traditionally, banks deployed specialized core platforms for different business needs. But as vendors have enhanced their solutions and abstracted functionality from the core, the modern DBPP — headless, decoupled, and domain-driven — can now support all lines of business. This architecture allows banks to easily build or acquire needed business functionality or other specialty solutions. Retail, small- and medium-size business (SMB), corporate banking, and more can be managed from a single platform. This approach reduces IT overhead, simplifies procurement and integration, and allows banks to select the best solutions for any need. Every DBPP Vendor Is A New-School Vendor Now We have seen a significant shift in this marketplace: “New-school” systems weren’t previously mature enough to handle major banking requirements. Now we are seeing either robust core banking systems evolving into a modern DBPP offering or an enhanced “new-school” platform to support all lines of business. This has made the term “new-school vendor” obsolete. Migrations Involve Some Complex Choices Migrating to a DBPP from a legacy platform is not easy. The decision involves several complex considerations: The architecture. Banks will have to decide if they need comprehensive, out-of-the-box banking functionality immediately or if they want to move directly to a highly flexible platform that requires more developer and architect skill to integrate it with existing capabilities and third-party solutions. The cloud. The transition to cloud computing is more than a technical upgrade; it’s a strategic transformation that will define a bank’s operational and competitive capabilities for years to come. In moving to the cloud, banks will have to adopt new security, privacy, compliance, and systems management approaches to realize the benefits of scalability, flexibility, and cost efficiency. The implementation. Banks will need to evaluate their own capabilities for implementation and ongoing management, the vendor’s (or their partners’) implementation service offering, and their financial, compliance, and operational constraints before making this decision. Forrester clients can read our full DBPP Wave evaluation here and register for a webinar, to be held on January 16, 2025, that will go over our learning from this evaluation here. To explore how to transform your banking infrastructure with a DBPP in a personalized guidance session or inquiry, book time with me here. Not a Forrester client? Contact your Forrester account team now to learn more. source

The Dark Web is home to illegal and criminal products and services up for sale — and that certainly encompasses the area of cybercrime. From website hacking to DDoS attacks to custom malware to changing school grades, you can buy one of these services from a hacker for hire. But just how much do these types of items cost? In this article, I examine various sources to show you the costs of hiring a hacker on the Dark Web. The idea is not to tempt you into a life of crime but to reveal the latest findings and improve your cybersecurity knowledge. SEE: The Dark Web: A Guide for Business Professionals (Free PDF) (TechRepublic) 1 Semperis Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Large, Enterprise Features Advanced Attacks Detection, Advanced Automation, Anywhere Recovery, and more 2 ESET PROTECT Advanced Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Advanced Threat Defense, Full Disk Encryption , Modern Endpoint Protection, and more 3 NordLayer Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Small, Medium, Large, Enterprise Hiring a hacker Before I examine the costs, just a brief word on how easy it is for nefarious individuals to find a hacker. According to research from accounting and consulting firm Crowe, “hacker-for-hire services are available in abundance on the Dark Web.” Payments are usually made using cryptocurrency assets to provide the highest level of anonymity. If you’re wondering how big the Dark Web is, then cybersecurity software company Avast explains, “It’s difficult to measure dark web statistics, but it’s estimated that there are tens of millions of URLs on the dark web and tens of thousands of active dark web websites, including thousands of forums and marketplaces.” These alarming facts mean the recruitment process is going to be fairly easy. There are many places to find hackers who are all eager to do unseemly business. SEE: Dell Unveils AI and Cybersecurity Solutions at Microsoft Ignite 2024 (TechRepublic) DDoS attacks Hackers who offer distributed denial-of-service attacks can charge as low as $10 or as high as $750. Based on data from Privacy Affairs’ Dark Web Price Index 2023, $10 would buy you  DDoS attacks on an “Unprotected website, 10-50k requests per second, 1 hour.” If it were a “premium protected website,” then a 24-hour attack would cost around $170. Some hackers will charge by the hour or even by the month to maintain an attack for as long as the buyer wants. Certain hackers will change search engine results to raise or lower a site’s rankings. Others will remove a post that the buyer made on a social network. Some hackers will audit a website’s security, seemingly to show the owner where any vulnerabilities exist. SEE: Cybersecurity: Benefits and Best Practices (TechRepublic Premium) Personal attacks Hackers specializing in personal attacks sell their services for $10 to over $600. A personal attack could include financial sabotage, legal trouble, or public defamation. One tactic touted by a hacker is to frame the victim as a buyer of child pornography. A few hackers offer such services as “scammer revenge” or “fraud tracking,” in which they attack a scammer. Analysis from Crowe, whose team encountered a “hacker-for-hire services menu,” states that gaining access to personal information, addresses, phone numbers, emails, and relatives’ names will, on average, cost $600. The Dark Web Price Index 2023 says a U.S. passport scan could cost as low as $50, which is the price of forged documents. Must-read security coverage Website hacking Website hacking includes attacks against websites and other services hosted online. Hackers can access an underlying web server or a website’s administrative panel. Others can steal databases and administrative credentials. Crowe’s investigation reveals that website and database hacking costs, on average, $1,200. This kind of activity might entail gaining access to the admin dashboard or backend. Computer and phone hacking Based on Crowe’s findings, a computer and phone hacking service runs $950 on average. In this type of attack, the hacker breaks into the victim’s PC or phone to steal data or deploy malware. The operating system doesn’t seem to matter as they boast that they can access Windows, macOS, Linux, Android, or iOS. SEE: Everything You Need to Know about the Malvertising Cybersecurity Threat (TechRepublic Premium) Social media account hacking Hacking into a social media account can range from $20 to $500+. In this service, the hacker will spy on or hijack accounts from such platforms as WhatsApp, Facebook, social platform X, Instagram, Skype, Telegram, TikTok, Snapchat, and Reddit. The malicious activity depends on the service. Criminals who hack into a victim’s Facebook or X account will often steal credentials to give the buyer full access to the account. Those who tap into an account from WhatsApp will likely spy on messages or take screenshots. Email hacking According to Crowe’s data, email hacking sells for $700 on average. In this activity, the hacker steals the victim’s email password and then either gives that password to the buyer or breaks into the account to access data. In some cases, the criminal may set up an email forwarded process to get a copy of all the victim’s emails. SEE: Engaging Executives: How to Present Cybersecurity in a Way That Resonates (TechRepublic) Changing grades Students who want a higher grade can actually pay someone to hack into a school system and alter their grades. Available for both grade schools and universities, this is one of the most common hacking services and one of the most expensive. As a sideline, some hackers also say they can steal the answers to future exams. So, that means a student can get an A+ for exam results but an F- for ethical behavior. According to Crowe, hackers offer access to databases for grading software managed

You might lose signals in data as trends change, too. When contact numbers for customers shifted from landline to mobile phones, organizations lost the ability to extract the customer location from the number. “If you were using area codes to validate locality, you lost a lot of records,” Kashalikar adds. Two companies you work with might also merge, so deciding whether to treat them as the same entity or keep them separate in your golden master record of companies depends on the use case. Even without major changes, the underlying data itself might have drifted. “The relationships between the outcome variables of interest and your features may have changed,” Friedman says. “You can’t simply lock in and say, ‘This dataset is absolutely perfect’ and lift it off the shelf to use for a problem a year from now.” To avoid all these problems, you need to involve people with the expertise to differentiate between genuine errors and meaningful signals, document the decisions you make about data cleaning and the reasons for them, and regularly review the impact of data cleaning on both model performance and business outcomes. Rather than doing masses of data cleaning up front and only then starting development, take an iterative approach with incremental data cleaning and quick experiments. “What we’ve seen to be successful is onboard data incrementally,” says Yahav. “There’s a huge temptation to say let’s connect everything and trust that it works. But then when it hits you, you don’t know what’s broken, and then you have to start disconnecting things.” So start with small amounts of recent data, or data you trust, see how that works, and build more sources or volume of data from there and see where it breaks. “It’s going to eventually break because something you forgot is going to reach the main pipeline, and something’s going to surprise you,” he says. “You want this process to be gradual enough for you to understand what caused that.” source

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More As Amazon takes a major step into the AI space with its new Nova family of foundation models, Google is doubling down on its own multimodal AI capabilities. The tech giant’s cloud division has announced that its latest video and image-generation models, Veo and Imagen 3, are now available on Vertex AI. This move empowers teams to integrate cutting-edge video and image-generation capabilities into their AI workflows, unlocking diverse use cases—especially in marketing and advertising. It also makes Google Cloud the first hyperscaler to offer a video model to its customers.  While the Veo model is currently in private preview, Imagen 3 will be generally available to all Vertex AI users starting next week. Notably, Imagen 3 also includes editing features, enabling users to refine generated images to meet specific creative needs. What do Veo and Imagen 3 offer? First unveiled at Google’s I/O developer conference, Veo is Google DeepMind’s response to competitors like Runway’s Gen-3 and OpenAI’s Sora, delivering a sophisticated video-generation experience. The model transforms text or image prompts into cinematic, high-definition videos in various visual styles, generating clips over 60 seconds long. What sets it apart is frame-level consistency, ensuring subjects move seamlessly within shots. Imagen 3, also from DeepMind, takes on the task of text-to-image generation, producing photorealistic visuals in a variety of styles. Google claims it surpasses its predecessors in detail, lighting accuracy and artifact reduction. Beyond generation, users on Google’s allowlist can also access advanced customization options with Imagen 3. These include image upscaling, inpainting, outpainting and background replacement—all guided by text prompts. Additionally, users can provide reference images, enabling Imagen 3 to create content aligned with specific brand aesthetics, logos or product features. Broader implications for industry Vertex AI has long been Google Cloud’s flagship platform for streamlining AI application development and deployment. By integrating Veo and Imagen 3, the platform offers organizations an even more comprehensive suite of tools to innovate in marketing, sales and beyond. Imagen 3, for instance, simplifies the creation of high-quality assets such as product images and social media content, while Veo extends this capability by offering teams an option to convert these visuals into polished videos. The speeds up production, cuts costs, and accelerates prototyping, allowing teams to iterate rapidly on their creative strategies. “Customers like Agoda are using the power of AI models like Veo, Gemini, and Imagen to streamline their video ad production, achieving a significant reduction in production time,” said Warren Barkley, senior director of product management at Google, in a blog post. He also highlighted that both models include safety features like digital watermarking and content moderation guardrails to mitigate risks associated with generative AI. Other early adopters include Mondelez International—owner of brands such as Oreo, Cadbury, and Milka—and global marketing and communications service WPP. As Google’s foundation models expand their reach, businesses across industries have a powerful opportunity to reimagine how they create and deliver visual content.  Competition continues to heat up While all major cloud providers, including Google Cloud, Amazon Web Services and Microsoft Azure, have been providing image generation models on their respective AI orchestration platforms, video generation has been quite a rarity thus far. Google’s move to launch Veo in private preview today changes that.  Interestingly, soon after the Veo announcement, AWS made a splash at re:Invent with the announcement of Nova Reel, a foundation model that generates six-second-long studio-quality videos from text and image prompts. This model, along with others in the Nova family, is set to become available via Amazon Bedrock, the company’s fully managed service designed to simplify the creation and deployment of generative AI applications.  Microsoft, on its part, appears to be lagging in this category at this stage. Its AI Foundry does not include models for video generation. However, we expect that to change as soon as OpenAI’s Sora hits the market. source

Knowledge management (KM) is experiencing an exciting transformation fueled by the merging of generative AI, human-centered practices, and the evolving landscape of hybrid work. In 2024, two major events — Knowledge Summit Dublin and KMWorld 2024 — offered fascinating insights into this evolution. Attendees witnessed a remarkable journey, transitioning from imaginative discussions about AI’s potential to the tangible realities of its application in the field. Here are my key takeaways from these conferences that showcase the future of KM! Knowledge Summit Dublin: Merging AI And Human Creativity Held at Trinity College in June, Knowledge Summit Dublin showcased the synergy between generative AI and human experience. The conference’s theme, “Generative AI Meets Human Experience,” underscored that while technology is a powerful enabler, human creativity and collaboration remain at the heart of effective KM systems. One of the standout sessions, Stephanie Barnes’ “Radical KM — Art Aids Innovation,” explored how artistic practices could foster creativity and curiosity in teams. The session was a powerful reminder that KM is more than technological tools — it’s about cultivating a culture that values innovation and collaboration. In addition, Meta’s presentation focused on actionable strategies for integrating AI into KM through small, iterative implementations. Its approach provides a roadmap for organizations to experiment with AI while addressing real-world knowledge-sharing challenges. Interactive workshops like the Knowledge Café on conversational leadership emphasized the importance of tacit knowledge — the informal, intangible wisdom that drives meaningful collaboration. These discussions reinforced the need to balance AI capabilities with human interaction to create ecosystems where knowledge flows naturally. Knowledge Summit Dublin painted a compelling vision of generative AI as a complement to human ingenuity, creativity, and organizational culture, rather than a replacement for it. While we have been witness to the start of the evolution of knowledge management, it is clear through some of the dialogue and questions that the adoption of generative AI is in its early phase and that we are still figuring out how to make it scalable. KMWorld 2024: From Concept To Execution In The AI Era Fast-forward to November, and KMWorld 2024 in Washington, DC, marked a shift in focus toward operationalizing KM strategies powered by AI. Under the theme “KM & Enterprise Intelligence: Human or Artificial?” the event prioritized the practical realities of deploying AI in organizational contexts. Keynotes and case studies demonstrated how companies are using AI to streamline workflows, enable better decision-making, and unlock institutional knowledge. Panels tackled complex issues such as algorithmic bias, data privacy, and the importance of transparent governance. These discussions reflect a growing awareness of the ethical implications of AI-driven KM systems. Unlike Dublin’s emphasis on creativity and tacit knowledge, KMWorld 2024 zoomed in on measurable outcomes. For example, participants were introduced to frameworks for evaluating ROI on AI-powered KM initiatives. These metrics went beyond financial returns, including indicators such as knowledge accessibility, employee engagement, and process efficiency. Networking sessions explored solutions for fostering a culture of knowledge sharing in hybrid and remote work environments. These discussions showcased how organizations are enabling seamless collaboration across physical and virtual spaces, addressing the realities of today’s distributed workforce. With an entire track dedicated to storytelling, it is clear that this is an area of high growth worthy of Forrester clients’ attention. KMWorld 2024 shifted the narrative toward actionable strategies, demonstrating how organizations can integrate AI to deliver measurable value while navigating governance and ethical challenges. Emerging Trends In Knowledge Management The takeaways from these two conferences offer an exciting glimpse into the future of KM in 2025 and beyond! Generative AI is set to play a game-changing role, but its true potential will shine through when combined with a focus on human-centered practices. Here are some of the key themes that are starting to emerge that will help shape the future of KM: Balancing technology and humanity. Both events really emphasized the important balance between technology and our core human values. While AI can do a lot to streamline processes and boost efficiency, there’s no replacing the unique qualities of human creativity, empathy, and teamwork. The real challenge is finding ways to use AI that keep people at the heart of what we do. Ethical AI in KM. The increasing use of AI has sparked some important conversations about ethics. At KMWorld, participants highlighted how essential it is to focus on fairness, transparency, and accountability. As more organizations start using AI tools, creating clear governance frameworks will be key to keeping trust and integrity strong. Hybrid and inclusive collaboration. The rise of hybrid work is changing the way that knowledge moves within organizations. We’re seeing a growing need for tools that help share both tacit and explicit knowledge, making it easier to connect across distances and cultures. It’s so important that these technologies focus on inclusivity, ensuring that everyone’s voice is heard no matter where they are or what their role is. KM metrics beyond ROI. As more companies start adopting AI, there’s been a big shift in how they think about measuring the success of their knowledge management. Sure, ROI is still important, but it’s not the only thing on their minds anymore. Now, organizations are also paying attention to things like how well they retain knowledge, their capacity for innovation, and, of course, how happy their employees are. The Road Ahead For Knowledge Management After attending Knowledge Summit Dublin and KMWorld, I’m buzzing with excitement about the dynamic changes happening in the world of KM! Generative AI has stepped off the theoretical stage and is now a powerful, practical tool fueling efficiency and innovation. The shift from abstract AI concepts to real-world applications is palpable, with a strong focus on governance, accountability, and delivering tangible business results. As KM practitioners, we have an incredible opportunity to prioritize adaptability, ethics, and inclusivity, unlocking the true potential of our knowledge assets. In a rapidly changing landscape, KM is poised to be a key driver of resilience, sparking innovation and fostering long-term growth. I can’t wait to see what remarkable developments

太古地產的年度社區節慶活動「白色聖誕市集」以歷年來最大規模回歸，首次將市集範圍由鰂魚涌糖廠街延伸至「太古中央廣場」、「太古公園」，以及毗鄰的海濱社區休憩空間「舍區」。 今年白色聖誕市集於12月4日至12月8日舉行，由「太古地產Placemaking Academy 」(SPPA) 2024年度的十位大學生團隊全力設計、策劃和執行。SPPA今年再次與東區民政事務處東區青藤計劃合作，策劃為中學生而設「SPPA少年計劃」，今年招募共四位來自東區的中學生參與，經業界專家培訓後，將於市集活動擔任司儀。 今年市集以「CampUnity」為主題，將整個太古坊幻化成大型戶外聖誕營地，為社區大眾呈獻一系列節慶主題活動及精彩體驗。除了多達41個零售及餐飲攤檔，市集特設精心準備的全新活動，包括戶外電影放映會、火舞表演，以及多場精彩現場表演和工作坊。 太古地產行政總裁彭國邦表示：「繼太古坊重建計劃於今年完成，我們很高興舉辦歷來規模最盛大的白色聖誕市集。我們已是第 12 年舉辦這項年度社區節慶活動，樂見活動已發展成為一個讓香港青少年展能的平台。」 「SPPA 是太古地產的青年展能旗艦計劃，為白色聖誕市集注入無限創新與活力。我們樂見一班才華橫溢的大學生在六個月的學習旅程中，把他們的構思轉化為大型活動，並有助促進社區參與、提升本地文化和推動可持續發展，充分體現社區營造的力量，實在令人鼓舞。此外，這個計劃已擴展到中學生，讓他們從小就體驗到建設社區的意義，見到他們盡展所長，我們對整個團隊引以為傲。」 「CampUnity」獻上節日暖意 訪客在「CampUnity」聖誕營地將會體驗到溫馨的冬季篝火，體驗溫暖的聖誕氣氛。冬日篝火以霧狀人造火焰形成，運用類似2024年巴黎奧運聖火台的技術，藉著光、水與電力產生火光效果。今年市集新增「太古中央廣場」為其中一個活動及表演場地，利用LED燈飾把廣場內的水池幻化成一條閃爍的星河，讓觀眾於水光幻影中欣賞精彩絕倫的火舞表演。 今年市集除了讓社區大眾盡情選購禮品及享受節日美饌之外，我們更帶來豐富精彩活動。太古公園將首次化身為露天劇場，放映一系列經典聖誕電影，市集更設有不同特色的工作坊，主題涵蓋手工藝製作、運動健身以及寫生體驗等等，讓訪客享受與別不同的聖誕市集。 今屆市集亦延伸至寵物友善的「舍區」舉行，這個「毛孩舍區」設有以寵物為主題的購物攤位以及一系列互動工作坊。 邁向「零廢」綠色市集 貫徹太古地產「2030可持續發展策略」，市集將繼續加入綠色元素，推動可持續發展。今年，450名義工將4萬粒咖啡粉囊升級再造成聖誕燈飾，在節慶當中同時為市集增添環保元素。此外，為減少活動所產生的廢物及達到「零廢」餐飲的目標，我們鼓勵訪客自攜餐具或於現場租借可重用餐具。 太古地產再次與減碳以及可再生能源專業團隊 RESET Carbon及 Recyclink合作，量化碳排放並協助實行回收再造。公司會評估活動的碳足跡，為未來活動制定一系列減碳措施及目標。 今年市集將繼續為「愛心聖誕大行動」籌款，以幫助有需要的社區人士。 有興趣者，可以到IG follow ：https://www.instagram.com/whitexmasstreetfair?igsh=ZHc0ZTlyeXM1N2Uz 以了解詳情。 LinkedIn Email Facebook Twitter WhatsApp source

On Dec. 3, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and international partners issued guidance on strengthening systems against intrusions by threat actors targeting telecommunications. The guidance was informed by recent breaches affiliated with the Chinese government. The recommendations come weeks after the FBI and CISA identified that China-affiliated threat actors had “compromised networks at multiple telecommunications companies.” Initially, the breaches were believed to target specific individuals in government or political roles. However, on Dec. 3, the FBI clarified that these individuals may not have been the intended targets but were instead “swept up” in the operation. T-Mobile was allegedly one of the affected companies. “Threat actors affiliated with the People’s Republic of China (PRC) are targeting commercial telecommunications providers to compromise sensitive data and engage in cyber espionage,” Assistant Director Bryan Vorndran of the FBI’s Cyber Division, said in a press release. “Together with our interagency partners, the FBI issued guidance to enhance the visibility of network defenders and to harden devices against PRC exploitation.” SEE: Live: AWS re:Invent brings new AI infrastructure, foundation models, and more. Must-read security coverage Guide includes recommendations for improving visibility and hardening security The guide focuses on enhanced visibility — defined as “organizations’ abilities to monitor, detect, and understand activity within their networks” — and hardening systems and devices. Strengthening monitoring includes: Implementing comprehensive alerting mechanisms to detect unauthorized changes to your networks. Using a strong network flow monitoring solution. Limiting exposure of management traffic to the Internet, if possible, including restricting management to dedicated administrative workstations. “Hardening systems and devices” covers many aspects of securing device and network architecture. This advisory section is split into two subsections: protocols and management processes and network defense. These recommendations include: Using an out-of-band management network physically separate from the operational data flow network. Employing a strict, default-deny ACL strategy to control inbound and egressing traffic. Managing devices from a trusted network rather than from the internet. Sending all authentication, authorization, and accounting (AAA) logging to a centralized logging server with modern protections. Disabling Internet Protocol (IP) source routing. Storing passwords with secure hashing algorithms. Requiring multi-factor authentication. Limiting session token durations and requiring users to reauthenticate when the session expires. Using role-based access control. FBI and CISA recommend disabling a host of Cisco defaults The report also provides guidance for using Cisco-specific devices and features. It states that Cisco operating systems are “often being targeted by, and associated with, these PRC cyber threat actors’ activity.” For those using Cisco products, the FBI and CISA have a laundry list of recommendations for disabling services and how to safely store passwords. Namely, IT and security professionals in vulnerable organizations should disable Cisco’s Smart Install service, Guest Shell access, all non-encrypted web management capabilities, and telnet. When using passwords on Cisco devices, users should: Use Type-8 passwords when possible. Avoid using deprecated hashing or password types when storing passwords, such as Type-5 or Type-7. Secure the TACACS+ key as a Type-6 encrypted password if possible. The guide goes hand in hand with Secure by Design principles. “The PRC-affiliated cyber activity poses a serious threat to critical infrastructure, government agencies, and businesses,” said CISA Executive Assistant Director for Cybersecurity Jeff Greene. “This guide will help telecommunications and other organizations detect and prevent compromises by the PRC and other cyber actors.” The full list of recommendations can be found in the guide. source